Crash with the W2k3 SP1.

Hi All,
I’ve got a sever bug check 0x4e i.e. PFN_LIST_COURRUPT with following crash
pattern.

************************************************************
*
*
* Bugcheck Analysis
*
*
*
************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000009a,
Arg2: 00005850
Arg3: 00000006
Arg4: 00000002

Debugging Details:

OVERLAPPED_MODULE: rdbss

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x4E

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 8087207f to 8082f270

STACK_TEXT:
f78d64fc 8087207f 00000003 00000000 0000004e
nt!RtlpBreakWithStatusInstruction
f78d6548 80872fae 00000003 81084794 81084780 nt!KiBugCheckDebugBreak+0x19
f78d68e0 80873432 0000004e 0000009a 00005850 nt!KeBugCheck2+0x5b2
f78d6900 80883996 0000004e 0000009a 00005850 nt!KeBugCheckEx+0x1b
f78d691c 80898bf8 81084780 808b55c0 00d42858 nt!MiBadRefCount+0x33
f78d6950 8089a565 85850000 f78d6a08 85f506f0 nt!MiFreePoolPages+0x5b9
f78d69a8 8089a2f0 206d6457 00000000 f78d6a28 nt!ExFreePoolWithTag+0x277
f78d69b8 f727087f 85850000 808b3648 859d20e0 nt!ExFreePool+0xf
f78d6a28 f726f432 859d2000 00000000 859d20e0 thh_kl!remove_eq+0x1cf
f78d6a50 f726d9b8 859d2000 00000000 00000000
thh_kl!THH_eventp_teardown_eq+0x2a2 f78d6a64 f7247128 859d2000 00000246
00000000 thh_kl!THH_eventp_destroy+0x78
f78d6aac f7247894 f751b808 00000000 f78d6acc
thh_kl!THH_hob_close_hca_internal+0x258 f78d6abc f720629b f751b808 f751b808
f78d6ae0 thh_kl!THH_hob_close_hca+0x14
f78d6acc f72023af 85faf9c8 00000000 85faf9c8 vip_kl!HOBKL_destroy+0x14b
f78d6ae0 f71d9ace 00000000 f78d6b0c f72e58a9 vip_kl!VIPKL_close_hca+0x4f
f78d6aec f72e58a9 00000000 f78d6b10 00000001 vapi_kl!VAPI_close_hca+0xe
WARNING: Stack unwind information not available. Following frames may be
wrong.
f78d6b0c f72e7a2f 85e17030 00000003 f78d6b30 mdt+0xa8a9
f78d6b2c f72e6558 85e17030 00000004 808b3648 mdt+0xca2f
f78d6bb4 8080c5b0 85e17030 8538c958 8538c9ec mdt+0xb558
f78d6bc8 8080c69d 8080c41c 8538c9ec 8538c958
nt!IofCallDriverSpecifyReturn+0x41
f78d6bdc 8080c85d 8538c9ec 8538c958 8080c41c nt!PopPresentIrp+0x59
f78d6c00 8080c41c 85e17030 85e177a8 808b3648 nt!PoCallDriver+0x19b
f78d6c1c f72e6470 85edf700 00000002 00000004 nt!PoRequestPowerIrp+0x129
f78d6cb4 8080c5b0 85e17030 84f2be70 84f2bf04 mdt+0xb470
f78d6cc8 8080c69d 809c93b3 84f2bf04 84f2be70
nt!IofCallDriverSpecifyReturn+0x41
f78d6cdc 8080c85d 84f2bf04 84f2be70 809c93b3 nt!PopPresentIrp+0x59
f78d6d00 809c93b3 85e17030 85e177a8 84e9f27c nt!PoCallDriver+0x19b
f78d6d20 809c9479 808ac45c 84eb3a88 00000001 nt!PopNotifyDevice+0x1ac
f78d6d3c 809c977a 84e9f208 84e9f27c 00000001 nt!PopSleepDeviceList+0xb5
f78d6d64 809c5df3 00000000 85fa23f0 808b50a0
nt!PopSetDevicesSystemState+0x1cc
f78d6d80 80831e13 00000000 00000000 85fa23f0 nt!PopGracefulShutdown+0x178
f78d6dac 808fc3a4 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
f78d6ddc 80832195 80831d46 00000000 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

FOLLOWUP_IP:
nt!ExFreePool+f
8089a2f0 5d pop ebp

SYMBOL_STACK_INDEX: 7

FOLLOWUP_NAME: Pool_corruption

SYMBOL_NAME: nt!ExFreePool+f

MODULE_NAME: Pool_Corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: kb

FAILURE_BUCKET_ID: 0x4E_nt!ExFreePool+f

BUCKET_ID: 0x4E_nt!ExFreePool+f

Followup: Pool_corruption

2: kd> dd 85850000 ///Parameter passed to ExFreePool
85850000 ffffffff ffffffff ffffffff ffffffff
85850010 ffffffff ffffffff ffffffff ffffffff
85850020 ffffffff ffffffff ffffffff ffffffff
85850030 ffffffff ffffffff ffffffff ffffffff
85850040 ffffffff ffffffff ffffffff ffffffff
85850050 ffffffff ffffffff ffffffff ffffffff
85850060 ffffffff ffffffff ffffffff ffffffff
85850070 ffffffff ffffffff ffffffff ffffffff

============End crash==================

Following parameters of the bugcheck 0x4e are no where available.
Arg1: 0000009a,
Arg2: 00005850
Arg3: 00000006
Arg4: 00000002

Can anybody tell me what these parameters are? It is not working on the W2k3
SP1 while on w2k3 it works. What is the difference between ExFreePool in
normal W2k3 and in W2k3 SP1.

Thanx in advance,


_________________________________________________________________
Find love today with ninemsn personals. Click here:
http://ninemsn.match.com?referrer=hotmailtagline

MDL mismanagement - extra MmUnlockPages or such. The bugcheck is documented
in MSDN.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “yatindra vaishnav”
To: “Windows System Software Devs Interest List”
Sent: Monday, April 04, 2005 10:59 AM
Subject: [ntdev] Crash with the W2k3 SP1.

> Hi All,
> I’ve got a sever bug check 0x4e i.e. PFN_LIST_COURRUPT with following crash
> pattern.
>
> *****
>
>
> * Bugcheck Analysis
>
>
>
>

>
> PFN_LIST_CORRUPT (4e)
> Typically caused by drivers passing bad memory descriptor lists (ie: calling
> MmUnlockPages twice with the same list, etc). If a kernel debugger is
> available get the stack trace.
> Arguments:
> Arg1: 0000009a,
> Arg2: 00005850
> Arg3: 00000006
> Arg4: 00000002
>
> Debugging Details:
> ------------------
>
>
> OVERLAPPED_MODULE: rdbss
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x4E
>
> CURRENT_IRQL: 0
>
> LAST_CONTROL_TRANSFER: from 8087207f to 8082f270
>
> STACK_TEXT:
> f78d64fc 8087207f 00000003 00000000 0000004e
> nt!RtlpBreakWithStatusInstruction
> f78d6548 80872fae 00000003 81084794 81084780 nt!KiBugCheckDebugBreak+0x19
> f78d68e0 80873432 0000004e 0000009a 00005850 nt!KeBugCheck2+0x5b2
> f78d6900 80883996 0000004e 0000009a 00005850 nt!KeBugCheckEx+0x1b
> f78d691c 80898bf8 81084780 808b55c0 00d42858 nt!MiBadRefCount+0x33
> f78d6950 8089a565 85850000 f78d6a08 85f506f0 nt!MiFreePoolPages+0x5b9
> f78d69a8 8089a2f0 206d6457 00000000 f78d6a28 nt!ExFreePoolWithTag+0x277
> f78d69b8 f727087f 85850000 808b3648 859d20e0 nt!ExFreePool+0xf
> f78d6a28 f726f432 859d2000 00000000 859d20e0 thh_kl!remove_eq+0x1cf
> f78d6a50 f726d9b8 859d2000 00000000 00000000
> thh_kl!THH_eventp_teardown_eq+0x2a2 f78d6a64 f7247128 859d2000 00000246
> 00000000 thh_kl!THH_eventp_destroy+0x78
> f78d6aac f7247894 f751b808 00000000 f78d6acc
> thh_kl!THH_hob_close_hca_internal+0x258 f78d6abc f720629b f751b808 f751b808
> f78d6ae0 thh_kl!THH_hob_close_hca+0x14
> f78d6acc f72023af 85faf9c8 00000000 85faf9c8 vip_kl!HOBKL_destroy+0x14b
> f78d6ae0 f71d9ace 00000000 f78d6b0c f72e58a9 vip_kl!VIPKL_close_hca+0x4f
> f78d6aec f72e58a9 00000000 f78d6b10 00000001 vapi_kl!VAPI_close_hca+0xe
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
> f78d6b0c f72e7a2f 85e17030 00000003 f78d6b30 mdt+0xa8a9
> f78d6b2c f72e6558 85e17030 00000004 808b3648 mdt+0xca2f
> f78d6bb4 8080c5b0 85e17030 8538c958 8538c9ec mdt+0xb558
> f78d6bc8 8080c69d 8080c41c 8538c9ec 8538c958
> nt!IofCallDriverSpecifyReturn+0x41
> f78d6bdc 8080c85d 8538c9ec 8538c958 8080c41c nt!PopPresentIrp+0x59
> f78d6c00 8080c41c 85e17030 85e177a8 808b3648 nt!PoCallDriver+0x19b
> f78d6c1c f72e6470 85edf700 00000002 00000004 nt!PoRequestPowerIrp+0x129
> f78d6cb4 8080c5b0 85e17030 84f2be70 84f2bf04 mdt+0xb470
> f78d6cc8 8080c69d 809c93b3 84f2bf04 84f2be70
> nt!IofCallDriverSpecifyReturn+0x41
> f78d6cdc 8080c85d 84f2bf04 84f2be70 809c93b3 nt!PopPresentIrp+0x59
> f78d6d00 809c93b3 85e17030 85e177a8 84e9f27c nt!PoCallDriver+0x19b
> f78d6d20 809c9479 808ac45c 84eb3a88 00000001 nt!PopNotifyDevice+0x1ac
> f78d6d3c 809c977a 84e9f208 84e9f27c 00000001 nt!PopSleepDeviceList+0xb5
> f78d6d64 809c5df3 00000000 85fa23f0 808b50a0
> nt!PopSetDevicesSystemState+0x1cc
> f78d6d80 80831e13 00000000 00000000 85fa23f0 nt!PopGracefulShutdown+0x178
> f78d6dac 808fc3a4 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
> f78d6ddc 80832195 80831d46 00000000 00000000 nt!PspSystemThreadStartup+0x2e
> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>
>
> FOLLOWUP_IP:
> nt!ExFreePool+f
> 8089a2f0 5d pop ebp
>
> SYMBOL_STACK_INDEX: 7
>
> FOLLOWUP_NAME: Pool_corruption
>
> SYMBOL_NAME: nt!ExFreePool+f
>
> MODULE_NAME: Pool_Corruption
>
> IMAGE_NAME: Pool_Corruption
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 0
>
> STACK_COMMAND: kb
>
> FAILURE_BUCKET_ID: 0x4E_nt!ExFreePool+f
>
> BUCKET_ID: 0x4E_nt!ExFreePool+f
>
> Followup: Pool_corruption
> ---------
>
> 2: kd> dd 85850000 ///Parameter passed to ExFreePool
> 85850000 ffffffff ffffffff ffffffff ffffffff
> 85850010 ffffffff ffffffff ffffffff ffffffff
> 85850020 ffffffff ffffffff ffffffff ffffffff
> 85850030 ffffffff ffffffff ffffffff ffffffff
> 85850040 ffffffff ffffffff ffffffff ffffffff
> 85850050 ffffffff ffffffff ffffffff ffffffff
> 85850060 ffffffff ffffffff ffffffff ffffffff
> 85850070 ffffffff ffffffff ffffffff ffffffff
>
> ============End crash==================
>
> Following parameters of the bugcheck 0x4e are no where available.
> Arg1: 0000009a,
> Arg2: 00005850
> Arg3: 00000006
> Arg4: 00000002
>
> Can anybody tell me what these parameters are? It is not working on the W2k3
> SP1 while on w2k3 it works. What is the difference between ExFreePool in
> normal W2k3 and in W2k3 SP1.
>
> Thanx in advance,
>
>
> _________________________________________________________________
> Find love today with ninemsn personals. Click here:
> http://ninemsn.match.com?referrer=hotmailtagline
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi Max,
It is documented but the parameters are not mentioned in the DDK, please
look at the complete mail. have you seen bugcheck code 0x4e with
Arg1:0000009a if yes then let me know.

Thanks in advance,


>From: “Maxim S. Shatskih”
>Reply-To: “Windows System Software Devs Interest List”
>
>To: “Windows System Software Devs Interest List”
>Subject: Re: [ntdev] Crash with the W2k3 SP1.
>Date: Mon, 4 Apr 2005 11:25:22 +0400
>
> MDL mismanagement - extra MmUnlockPages or such. The bugcheck is
>documented
>in MSDN.
>
>Maxim Shatskih, Windows DDK MVP
>StorageCraft Corporation
>xxxxx@storagecraft.com
>http://www.storagecraft.com
>
>----- Original Message -----
>From: “yatindra vaishnav”
>To: “Windows System Software Devs Interest List”
>Sent: Monday, April 04, 2005 10:59 AM
>Subject: [ntdev] Crash with the W2k3 SP1.
>
>
> > Hi All,
> > I’ve got a sever bug check 0x4e i.e. PFN_LIST_COURRUPT with following
>crash
> > pattern.
> >
> > *****
> >
> >
> > * Bugcheck Analysis
> >
> >
> >
> >

> >
> > PFN_LIST_CORRUPT (4e)
> > Typically caused by drivers passing bad memory descriptor lists (ie:
>calling
> > MmUnlockPages twice with the same list, etc). If a kernel debugger is
> > available get the stack trace.
> > Arguments:
> > Arg1: 0000009a,
> > Arg2: 00005850
> > Arg3: 00000006
> > Arg4: 00000002
> >
> > Debugging Details:
> > ------------------
> >
> >
> > OVERLAPPED_MODULE: rdbss
> >
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x4E
> >
> > CURRENT_IRQL: 0
> >
> > LAST_CONTROL_TRANSFER: from 8087207f to 8082f270
> >
> > STACK_TEXT:
> > f78d64fc 8087207f 00000003 00000000 0000004e
> > nt!RtlpBreakWithStatusInstruction
> > f78d6548 80872fae 00000003 81084794 81084780
>nt!KiBugCheckDebugBreak+0x19
> > f78d68e0 80873432 0000004e 0000009a 00005850 nt!KeBugCheck2+0x5b2
> > f78d6900 80883996 0000004e 0000009a 00005850 nt!KeBugCheckEx+0x1b
> > f78d691c 80898bf8 81084780 808b55c0 00d42858 nt!MiBadRefCount+0x33
> > f78d6950 8089a565 85850000 f78d6a08 85f506f0 nt!MiFreePoolPages+0x5b9
> > f78d69a8 8089a2f0 206d6457 00000000 f78d6a28 nt!ExFreePoolWithTag+0x277
> > f78d69b8 f727087f 85850000 808b3648 859d20e0 nt!ExFreePool+0xf
> > f78d6a28 f726f432 859d2000 00000000 859d20e0 thh_kl!remove_eq+0x1cf
> > f78d6a50 f726d9b8 859d2000 00000000 00000000
> > thh_kl!THH_eventp_teardown_eq+0x2a2 f78d6a64 f7247128 859d2000 00000246
> > 00000000 thh_kl!THH_eventp_destroy+0x78
> > f78d6aac f7247894 f751b808 00000000 f78d6acc
> > thh_kl!THH_hob_close_hca_internal+0x258 f78d6abc f720629b f751b808
>f751b808
> > f78d6ae0 thh_kl!THH_hob_close_hca+0x14
> > f78d6acc f72023af 85faf9c8 00000000 85faf9c8 vip_kl!HOBKL_destroy+0x14b
> > f78d6ae0 f71d9ace 00000000 f78d6b0c f72e58a9 vip_kl!VIPKL_close_hca+0x4f
> > f78d6aec f72e58a9 00000000 f78d6b10 00000001 vapi_kl!VAPI_close_hca+0xe
> > WARNING: Stack unwind information not available. Following frames may be
> > wrong.
> > f78d6b0c f72e7a2f 85e17030 00000003 f78d6b30 mdt+0xa8a9
> > f78d6b2c f72e6558 85e17030 00000004 808b3648 mdt+0xca2f
> > f78d6bb4 8080c5b0 85e17030 8538c958 8538c9ec mdt+0xb558
> > f78d6bc8 8080c69d 8080c41c 8538c9ec 8538c958
> > nt!IofCallDriverSpecifyReturn+0x41
> > f78d6bdc 8080c85d 8538c9ec 8538c958 8080c41c nt!PopPresentIrp+0x59
> > f78d6c00 8080c41c 85e17030 85e177a8 808b3648 nt!PoCallDriver+0x19b
> > f78d6c1c f72e6470 85edf700 00000002 00000004 nt!PoRequestPowerIrp+0x129
> > f78d6cb4 8080c5b0 85e17030 84f2be70 84f2bf04 mdt+0xb470
> > f78d6cc8 8080c69d 809c93b3 84f2bf04 84f2be70
> > nt!IofCallDriverSpecifyReturn+0x41
> > f78d6cdc 8080c85d 84f2bf04 84f2be70 809c93b3 nt!PopPresentIrp+0x59
> > f78d6d00 809c93b3 85e17030 85e177a8 84e9f27c nt!PoCallDriver+0x19b
> > f78d6d20 809c9479 808ac45c 84eb3a88 00000001 nt!PopNotifyDevice+0x1ac
> > f78d6d3c 809c977a 84e9f208 84e9f27c 00000001 nt!PopSleepDeviceList+0xb5
> > f78d6d64 809c5df3 00000000 85fa23f0 808b50a0
> > nt!PopSetDevicesSystemState+0x1cc
> > f78d6d80 80831e13 00000000 00000000 85fa23f0
>nt!PopGracefulShutdown+0x178
> > f78d6dac 808fc3a4 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
> > f78d6ddc 80832195 80831d46 00000000 00000000
>nt!PspSystemThreadStartup+0x2e
> > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> >
> >
> > FOLLOWUP_IP:
> > nt!ExFreePool+f
> > 8089a2f0 5d pop ebp
> >
> > SYMBOL_STACK_INDEX: 7
> >
> > FOLLOWUP_NAME: Pool_corruption
> >
> > SYMBOL_NAME: nt!ExFreePool+f
> >
> > MODULE_NAME: Pool_Corruption
> >
> > IMAGE_NAME: Pool_Corruption
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 0
> >
> > STACK_COMMAND: kb
> >
> > FAILURE_BUCKET_ID: 0x4E_nt!ExFreePool+f
> >
> > BUCKET_ID: 0x4E_nt!ExFreePool+f
> >
> > Followup: Pool_corruption
> > ---------
> >
> > 2: kd> dd 85850000 ///Parameter passed to ExFreePool
> > 85850000 ffffffff ffffffff ffffffff ffffffff
> > 85850010 ffffffff ffffffff ffffffff ffffffff
> > 85850020 ffffffff ffffffff ffffffff ffffffff
> > 85850030 ffffffff ffffffff ffffffff ffffffff
> > 85850040 ffffffff ffffffff ffffffff ffffffff
> > 85850050 ffffffff ffffffff ffffffff ffffffff
> > 85850060 ffffffff ffffffff ffffffff ffffffff
> > 85850070 ffffffff ffffffff ffffffff ffffffff
> >
> > ============End crash==================
> >
> > Following parameters of the bugcheck 0x4e are no where available.
> > Arg1: 0000009a,
> > Arg2: 00005850
> > Arg3: 00000006
> > Arg4: 00000002
> >
> > Can anybody tell me what these parameters are? It is not working on the
>W2k3
> > SP1 while on w2k3 it works. What is the difference between ExFreePool in
> > normal W2k3 and in W2k3 SP1.
> >
> > Thanx in advance,
> >
> >
> >
> > Find love today with ninemsn personals. Click here:
> > http://ninemsn.match.com?referrer=hotmailtagline
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>—
>Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com


$60,000 prize pool to be won. Three winners. Apply now!
http://www.healthe.com.au/competition.do

Are you using the latest kd/windbg debugger package? If not, you should
upgrade. Once you have the latested, what does !analyze -v say?
Hopefully tt should be able to decode these new values.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yatindra vaishnav
Sent: Monday, April 04, 2005 12:43 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Crash with the W2k3 SP1.

Hi Max,
It is documented but the parameters are not mentioned in the DDK, please

look at the complete mail. have you seen bugcheck code 0x4e with
Arg1:0000009a if yes then let me know.

Thanks in advance,


>From: “Maxim S. Shatskih”
>Reply-To: “Windows System Software Devs Interest List”
>
>To: “Windows System Software Devs Interest List”
>Subject: Re: [ntdev] Crash with the W2k3 SP1.
>Date: Mon, 4 Apr 2005 11:25:22 +0400
>
> MDL mismanagement - extra MmUnlockPages or such. The bugcheck is
>documented
>in MSDN.
>
>Maxim Shatskih, Windows DDK MVP
>StorageCraft Corporation
>xxxxx@storagecraft.com
>http://www.storagecraft.com
>
>----- Original Message -----
>From: “yatindra vaishnav”
>To: “Windows System Software Devs Interest List”
>Sent: Monday, April 04, 2005 10:59 AM
>Subject: [ntdev] Crash with the W2k3 SP1.
>
>
> > Hi All,
> > I’ve got a sever bug check 0x4e i.e. PFN_LIST_COURRUPT with
following
>crash
> > pattern.
> >
> > *****
> >
> >
> > * Bugcheck Analysis
> >
> >
> >
> >

> >
> > PFN_LIST_CORRUPT (4e)
> > Typically caused by drivers passing bad memory descriptor lists (ie:

>calling
> > MmUnlockPages twice with the same list, etc). If a kernel debugger
is
> > available get the stack trace.
> > Arguments:
> > Arg1: 0000009a,
> > Arg2: 00005850
> > Arg3: 00000006
> > Arg4: 00000002
> >
> > Debugging Details:
> > ------------------
> >
> >
> > OVERLAPPED_MODULE: rdbss
> >
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x4E
> >
> > CURRENT_IRQL: 0
> >
> > LAST_CONTROL_TRANSFER: from 8087207f to 8082f270
> >
> > STACK_TEXT:
> > f78d64fc 8087207f 00000003 00000000 0000004e
> > nt!RtlpBreakWithStatusInstruction
> > f78d6548 80872fae 00000003 81084794 81084780
>nt!KiBugCheckDebugBreak+0x19
> > f78d68e0 80873432 0000004e 0000009a 00005850 nt!KeBugCheck2+0x5b2
> > f78d6900 80883996 0000004e 0000009a 00005850 nt!KeBugCheckEx+0x1b
> > f78d691c 80898bf8 81084780 808b55c0 00d42858 nt!MiBadRefCount+0x33
> > f78d6950 8089a565 85850000 f78d6a08 85f506f0
nt!MiFreePoolPages+0x5b9
> > f78d69a8 8089a2f0 206d6457 00000000 f78d6a28
nt!ExFreePoolWithTag+0x277
> > f78d69b8 f727087f 85850000 808b3648 859d20e0 nt!ExFreePool+0xf
> > f78d6a28 f726f432 859d2000 00000000 859d20e0 thh_kl!remove_eq+0x1cf
> > f78d6a50 f726d9b8 859d2000 00000000 00000000
> > thh_kl!THH_eventp_teardown_eq+0x2a2 f78d6a64 f7247128 859d2000
00000246
> > 00000000 thh_kl!THH_eventp_destroy+0x78
> > f78d6aac f7247894 f751b808 00000000 f78d6acc
> > thh_kl!THH_hob_close_hca_internal+0x258 f78d6abc f720629b f751b808
>f751b808
> > f78d6ae0 thh_kl!THH_hob_close_hca+0x14
> > f78d6acc f72023af 85faf9c8 00000000 85faf9c8
vip_kl!HOBKL_destroy+0x14b
> > f78d6ae0 f71d9ace 00000000 f78d6b0c f72e58a9
vip_kl!VIPKL_close_hca+0x4f
> > f78d6aec f72e58a9 00000000 f78d6b10 00000001
vapi_kl!VAPI_close_hca+0xe
> > WARNING: Stack unwind information not available. Following frames
may be
> > wrong.
> > f78d6b0c f72e7a2f 85e17030 00000003 f78d6b30 mdt+0xa8a9
> > f78d6b2c f72e6558 85e17030 00000004 808b3648 mdt+0xca2f
> > f78d6bb4 8080c5b0 85e17030 8538c958 8538c9ec mdt+0xb558
> > f78d6bc8 8080c69d 8080c41c 8538c9ec 8538c958
> > nt!IofCallDriverSpecifyReturn+0x41
> > f78d6bdc 8080c85d 8538c9ec 8538c958 8080c41c nt!PopPresentIrp+0x59
> > f78d6c00 8080c41c 85e17030 85e177a8 808b3648 nt!PoCallDriver+0x19b
> > f78d6c1c f72e6470 85edf700 00000002 00000004
nt!PoRequestPowerIrp+0x129
> > f78d6cb4 8080c5b0 85e17030 84f2be70 84f2bf04 mdt+0xb470
> > f78d6cc8 8080c69d 809c93b3 84f2bf04 84f2be70
> > nt!IofCallDriverSpecifyReturn+0x41
> > f78d6cdc 8080c85d 84f2bf04 84f2be70 809c93b3 nt!PopPresentIrp+0x59
> > f78d6d00 809c93b3 85e17030 85e177a8 84e9f27c nt!PoCallDriver+0x19b
> > f78d6d20 809c9479 808ac45c 84eb3a88 00000001
nt!PopNotifyDevice+0x1ac
> > f78d6d3c 809c977a 84e9f208 84e9f27c 00000001
nt!PopSleepDeviceList+0xb5
> > f78d6d64 809c5df3 00000000 85fa23f0 808b50a0
> > nt!PopSetDevicesSystemState+0x1cc
> > f78d6d80 80831e13 00000000 00000000 85fa23f0
>nt!PopGracefulShutdown+0x178
> > f78d6dac 808fc3a4 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
> > f78d6ddc 80832195 80831d46 00000000 00000000
>nt!PspSystemThreadStartup+0x2e
> > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> >
> >
> > FOLLOWUP_IP:
> > nt!ExFreePool+f
> > 8089a2f0 5d pop ebp
> >
> > SYMBOL_STACK_INDEX: 7
> >
> > FOLLOWUP_NAME: Pool_corruption
> >
> > SYMBOL_NAME: nt!ExFreePool+f
> >
> > MODULE_NAME: Pool_Corruption
> >
> > IMAGE_NAME: Pool_Corruption
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 0
> >
> > STACK_COMMAND: kb
> >
> > FAILURE_BUCKET_ID: 0x4E_nt!ExFreePool+f
> >
> > BUCKET_ID: 0x4E_nt!ExFreePool+f
> >
> > Followup: Pool_corruption
> > ---------
> >
> > 2: kd> dd 85850000 ///Parameter passed to ExFreePool
> > 85850000 ffffffff ffffffff ffffffff ffffffff
> > 85850010 ffffffff ffffffff ffffffff ffffffff
> > 85850020 ffffffff ffffffff ffffffff ffffffff
> > 85850030 ffffffff ffffffff ffffffff ffffffff
> > 85850040 ffffffff ffffffff ffffffff ffffffff
> > 85850050 ffffffff ffffffff ffffffff ffffffff
> > 85850060 ffffffff ffffffff ffffffff ffffffff
> > 85850070 ffffffff ffffffff ffffffff ffffffff
> >
> > ============End crash==================
> >
> > Following parameters of the bugcheck 0x4e are no where available.
> > Arg1: 0000009a,
> > Arg2: 00005850
> > Arg3: 00000006
> > Arg4: 00000002
> >
> > Can anybody tell me what these parameters are? It is not working on
the
>W2k3
> > SP1 while on w2k3 it works. What is the difference between
ExFreePool in
> > normal W2k3 and in W2k3 SP1.
> >
> > Thanx in advance,
> >
> >
> >
> > Find love today with ninemsn personals. Click here:
> > http://ninemsn.match.com?referrer=hotmailtagline
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>—
>Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com


$60,000 prize pool to be won. Three winners. Apply now!
http://www.healthe.com.au/competition.do


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

From what I know, this means damaged list of free physical pages.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “yatindra vaishnav”
To: “Windows System Software Devs Interest List”
Sent: Monday, April 04, 2005 11:42 AM
Subject: Re: [ntdev] Crash with the W2k3 SP1.

> Hi Max,
> It is documented but the parameters are not mentioned in the DDK, please
> look at the complete mail. have you seen bugcheck code 0x4e with
> Arg1:0000009a if yes then let me know.
>
> Thanks in advance,
>
>
> >From: “Maxim S. Shatskih”
> >Reply-To: “Windows System Software Devs Interest List”
> >
> >To: “Windows System Software Devs Interest List”
> >Subject: Re: [ntdev] Crash with the W2k3 SP1.
> >Date: Mon, 4 Apr 2005 11:25:22 +0400
> >
> > MDL mismanagement - extra MmUnlockPages or such. The bugcheck is
> >documented
> >in MSDN.
> >
> >Maxim Shatskih, Windows DDK MVP
> >StorageCraft Corporation
> >xxxxx@storagecraft.com
> >http://www.storagecraft.com
> >
> >----- Original Message -----
> >From: “yatindra vaishnav”
> >To: “Windows System Software Devs Interest List”
> >Sent: Monday, April 04, 2005 10:59 AM
> >Subject: [ntdev] Crash with the W2k3 SP1.
> >
> >
> > > Hi All,
> > > I’ve got a sever bug check 0x4e i.e. PFN_LIST_COURRUPT with following
> >crash
> > > pattern.
> > >
> > > *****
> > >
> > >
> > > * Bugcheck Analysis
> > >
> > >
> > >
> > >

> > >
> > > PFN_LIST_CORRUPT (4e)
> > > Typically caused by drivers passing bad memory descriptor lists (ie:
> >calling
> > > MmUnlockPages twice with the same list, etc). If a kernel debugger is
> > > available get the stack trace.
> > > Arguments:
> > > Arg1: 0000009a,
> > > Arg2: 00005850
> > > Arg3: 00000006
> > > Arg4: 00000002
> > >
> > > Debugging Details:
> > > ------------------
> > >
> > >
> > > OVERLAPPED_MODULE: rdbss
> > >
> > > DEFAULT_BUCKET_ID: DRIVER_FAULT
> > >
> > > BUGCHECK_STR: 0x4E
> > >
> > > CURRENT_IRQL: 0
> > >
> > > LAST_CONTROL_TRANSFER: from 8087207f to 8082f270
> > >
> > > STACK_TEXT:
> > > f78d64fc 8087207f 00000003 00000000 0000004e
> > > nt!RtlpBreakWithStatusInstruction
> > > f78d6548 80872fae 00000003 81084794 81084780
> >nt!KiBugCheckDebugBreak+0x19
> > > f78d68e0 80873432 0000004e 0000009a 00005850 nt!KeBugCheck2+0x5b2
> > > f78d6900 80883996 0000004e 0000009a 00005850 nt!KeBugCheckEx+0x1b
> > > f78d691c 80898bf8 81084780 808b55c0 00d42858 nt!MiBadRefCount+0x33
> > > f78d6950 8089a565 85850000 f78d6a08 85f506f0 nt!MiFreePoolPages+0x5b9
> > > f78d69a8 8089a2f0 206d6457 00000000 f78d6a28 nt!ExFreePoolWithTag+0x277
> > > f78d69b8 f727087f 85850000 808b3648 859d20e0 nt!ExFreePool+0xf
> > > f78d6a28 f726f432 859d2000 00000000 859d20e0 thh_kl!remove_eq+0x1cf
> > > f78d6a50 f726d9b8 859d2000 00000000 00000000
> > > thh_kl!THH_eventp_teardown_eq+0x2a2 f78d6a64 f7247128 859d2000 00000246
> > > 00000000 thh_kl!THH_eventp_destroy+0x78
> > > f78d6aac f7247894 f751b808 00000000 f78d6acc
> > > thh_kl!THH_hob_close_hca_internal+0x258 f78d6abc f720629b f751b808
> >f751b808
> > > f78d6ae0 thh_kl!THH_hob_close_hca+0x14
> > > f78d6acc f72023af 85faf9c8 00000000 85faf9c8 vip_kl!HOBKL_destroy+0x14b
> > > f78d6ae0 f71d9ace 00000000 f78d6b0c f72e58a9 vip_kl!VIPKL_close_hca+0x4f
> > > f78d6aec f72e58a9 00000000 f78d6b10 00000001 vapi_kl!VAPI_close_hca+0xe
> > > WARNING: Stack unwind information not available. Following frames may be
> > > wrong.
> > > f78d6b0c f72e7a2f 85e17030 00000003 f78d6b30 mdt+0xa8a9
> > > f78d6b2c f72e6558 85e17030 00000004 808b3648 mdt+0xca2f
> > > f78d6bb4 8080c5b0 85e17030 8538c958 8538c9ec mdt+0xb558
> > > f78d6bc8 8080c69d 8080c41c 8538c9ec 8538c958
> > > nt!IofCallDriverSpecifyReturn+0x41
> > > f78d6bdc 8080c85d 8538c9ec 8538c958 8080c41c nt!PopPresentIrp+0x59
> > > f78d6c00 8080c41c 85e17030 85e177a8 808b3648 nt!PoCallDriver+0x19b
> > > f78d6c1c f72e6470 85edf700 00000002 00000004 nt!PoRequestPowerIrp+0x129
> > > f78d6cb4 8080c5b0 85e17030 84f2be70 84f2bf04 mdt+0xb470
> > > f78d6cc8 8080c69d 809c93b3 84f2bf04 84f2be70
> > > nt!IofCallDriverSpecifyReturn+0x41
> > > f78d6cdc 8080c85d 84f2bf04 84f2be70 809c93b3 nt!PopPresentIrp+0x59
> > > f78d6d00 809c93b3 85e17030 85e177a8 84e9f27c nt!PoCallDriver+0x19b
> > > f78d6d20 809c9479 808ac45c 84eb3a88 00000001 nt!PopNotifyDevice+0x1ac
> > > f78d6d3c 809c977a 84e9f208 84e9f27c 00000001 nt!PopSleepDeviceList+0xb5
> > > f78d6d64 809c5df3 00000000 85fa23f0 808b50a0
> > > nt!PopSetDevicesSystemState+0x1cc
> > > f78d6d80 80831e13 00000000 00000000 85fa23f0
> >nt!PopGracefulShutdown+0x178
> > > f78d6dac 808fc3a4 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
> > > f78d6ddc 80832195 80831d46 00000000 00000000
> >nt!PspSystemThreadStartup+0x2e
> > > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> > >
> > >
> > > FOLLOWUP_IP:
> > > nt!ExFreePool+f
> > > 8089a2f0 5d pop ebp
> > >
> > > SYMBOL_STACK_INDEX: 7
> > >
> > > FOLLOWUP_NAME: Pool_corruption
> > >
> > > SYMBOL_NAME: nt!ExFreePool+f
> > >
> > > MODULE_NAME: Pool_Corruption
> > >
> > > IMAGE_NAME: Pool_Corruption
> > >
> > > DEBUG_FLR_IMAGE_TIMESTAMP: 0
> > >
> > > STACK_COMMAND: kb
> > >
> > > FAILURE_BUCKET_ID: 0x4E_nt!ExFreePool+f
> > >
> > > BUCKET_ID: 0x4E_nt!ExFreePool+f
> > >
> > > Followup: Pool_corruption
> > > ---------
> > >
> > > 2: kd> dd 85850000 ///Parameter passed to ExFreePool
> > > 85850000 ffffffff ffffffff ffffffff ffffffff
> > > 85850010 ffffffff ffffffff ffffffff ffffffff
> > > 85850020 ffffffff ffffffff ffffffff ffffffff
> > > 85850030 ffffffff ffffffff ffffffff ffffffff
> > > 85850040 ffffffff ffffffff ffffffff ffffffff
> > > 85850050 ffffffff ffffffff ffffffff ffffffff
> > > 85850060 ffffffff ffffffff ffffffff ffffffff
> > > 85850070 ffffffff ffffffff ffffffff ffffffff
> > >
> > > ============End crash==================
> > >
> > > Following parameters of the bugcheck 0x4e are no where available.
> > > Arg1: 0000009a,
> > > Arg2: 00005850
> > > Arg3: 00000006
> > > Arg4: 00000002
> > >
> > > Can anybody tell me what these parameters are? It is not working on the
> >W2k3
> > > SP1 while on w2k3 it works. What is the difference between ExFreePool in
> > > normal W2k3 and in W2k3 SP1.
> > >
> > > Thanx in advance,
> > >
> > >
> > >
> > > Find love today with ninemsn personals. Click here:
> > > http://ninemsn.match.com?referrer=hotmailtagline
> > >
> > >
> > > —
> > > Questions? First check the Kernel Driver FAQ at
> >http://www.osronline.com/article.cfm?id=256
> > >
> > > You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >—
> >Questions? First check the Kernel Driver FAQ at
> >http://www.osronline.com/article.cfm?id=256
> >
> >You are currently subscribed to ntdev as: xxxxx@hotmail.com
> >To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

> $60,000 prize pool to be won. Three winners. Apply now!
> http://www.healthe.com.au/competition.do
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi Doren,
I’m using latest debugger package, but it is also not helping.

Thanx,


>From: “Doron Holan”
>Reply-To: “Windows System Software Devs Interest List”
>
>To: “Windows System Software Devs Interest List”
>Subject: RE: [ntdev] Crash with the W2k3 SP1.
>Date: Mon, 4 Apr 2005 01:06:31 -0700
>
>Are you using the latest kd/windbg debugger package? If not, you should
>upgrade. Once you have the latested, what does !analyze -v say?
>Hopefully tt should be able to decode these new values.
>
>d
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com] On Behalf Of yatindra vaishnav
>Sent: Monday, April 04, 2005 12:43 AM
>To: Windows System Software Devs Interest List
>Subject: Re: [ntdev] Crash with the W2k3 SP1.
>
>Hi Max,
>It is documented but the parameters are not mentioned in the DDK, please
>
>look at the complete mail. have you seen bugcheck code 0x4e with
>Arg1:0000009a if yes then let me know.
>
>Thanks in advance,
>
>
> >From: “Maxim S. Shatskih”
> >Reply-To: “Windows System Software Devs Interest List”
> >
> >To: “Windows System Software Devs Interest List”
> >Subject: Re: [ntdev] Crash with the W2k3 SP1.
> >Date: Mon, 4 Apr 2005 11:25:22 +0400
> >
> > MDL mismanagement - extra MmUnlockPages or such. The bugcheck is
> >documented
> >in MSDN.
> >
> >Maxim Shatskih, Windows DDK MVP
> >StorageCraft Corporation
> >xxxxx@storagecraft.com
> >http://www.storagecraft.com
> >
> >----- Original Message -----
> >From: “yatindra vaishnav”
> >To: “Windows System Software Devs Interest List”
> >Sent: Monday, April 04, 2005 10:59 AM
> >Subject: [ntdev] Crash with the W2k3 SP1.
> >
> >
> > > Hi All,
> > > I’ve got a sever bug check 0x4e i.e. PFN_LIST_COURRUPT with
>following
> >crash
> > > pattern.
> > >
> > > *****
> > >
> > >
> > > * Bugcheck Analysis
> > >
> > >
> > >
> > >

> > >
> > > PFN_LIST_CORRUPT (4e)
> > > Typically caused by drivers passing bad memory descriptor lists (ie:
>
> >calling
> > > MmUnlockPages twice with the same list, etc). If a kernel debugger
>is
> > > available get the stack trace.
> > > Arguments:
> > > Arg1: 0000009a,
> > > Arg2: 00005850
> > > Arg3: 00000006
> > > Arg4: 00000002
> > >
> > > Debugging Details:
> > > ------------------
> > >
> > >
> > > OVERLAPPED_MODULE: rdbss
> > >
> > > DEFAULT_BUCKET_ID: DRIVER_FAULT
> > >
> > > BUGCHECK_STR: 0x4E
> > >
> > > CURRENT_IRQL: 0
> > >
> > > LAST_CONTROL_TRANSFER: from 8087207f to 8082f270
> > >
> > > STACK_TEXT:
> > > f78d64fc 8087207f 00000003 00000000 0000004e
> > > nt!RtlpBreakWithStatusInstruction
> > > f78d6548 80872fae 00000003 81084794 81084780
> >nt!KiBugCheckDebugBreak+0x19
> > > f78d68e0 80873432 0000004e 0000009a 00005850 nt!KeBugCheck2+0x5b2
> > > f78d6900 80883996 0000004e 0000009a 00005850 nt!KeBugCheckEx+0x1b
> > > f78d691c 80898bf8 81084780 808b55c0 00d42858 nt!MiBadRefCount+0x33
> > > f78d6950 8089a565 85850000 f78d6a08 85f506f0
>nt!MiFreePoolPages+0x5b9
> > > f78d69a8 8089a2f0 206d6457 00000000 f78d6a28
>nt!ExFreePoolWithTag+0x277
> > > f78d69b8 f727087f 85850000 808b3648 859d20e0 nt!ExFreePool+0xf
> > > f78d6a28 f726f432 859d2000 00000000 859d20e0 thh_kl!remove_eq+0x1cf
> > > f78d6a50 f726d9b8 859d2000 00000000 00000000
> > > thh_kl!THH_eventp_teardown_eq+0x2a2 f78d6a64 f7247128 859d2000
>00000246
> > > 00000000 thh_kl!THH_eventp_destroy+0x78
> > > f78d6aac f7247894 f751b808 00000000 f78d6acc
> > > thh_kl!THH_hob_close_hca_internal+0x258 f78d6abc f720629b f751b808
> >f751b808
> > > f78d6ae0 thh_kl!THH_hob_close_hca+0x14
> > > f78d6acc f72023af 85faf9c8 00000000 85faf9c8
>vip_kl!HOBKL_destroy+0x14b
> > > f78d6ae0 f71d9ace 00000000 f78d6b0c f72e58a9
>vip_kl!VIPKL_close_hca+0x4f
> > > f78d6aec f72e58a9 00000000 f78d6b10 00000001
>vapi_kl!VAPI_close_hca+0xe
> > > WARNING: Stack unwind information not available. Following frames
>may be
> > > wrong.
> > > f78d6b0c f72e7a2f 85e17030 00000003 f78d6b30 mdt+0xa8a9
> > > f78d6b2c f72e6558 85e17030 00000004 808b3648 mdt+0xca2f
> > > f78d6bb4 8080c5b0 85e17030 8538c958 8538c9ec mdt+0xb558
> > > f78d6bc8 8080c69d 8080c41c 8538c9ec 8538c958
> > > nt!IofCallDriverSpecifyReturn+0x41
> > > f78d6bdc 8080c85d 8538c9ec 8538c958 8080c41c nt!PopPresentIrp+0x59
> > > f78d6c00 8080c41c 85e17030 85e177a8 808b3648 nt!PoCallDriver+0x19b
> > > f78d6c1c f72e6470 85edf700 00000002 00000004
>nt!PoRequestPowerIrp+0x129
> > > f78d6cb4 8080c5b0 85e17030 84f2be70 84f2bf04 mdt+0xb470
> > > f78d6cc8 8080c69d 809c93b3 84f2bf04 84f2be70
> > > nt!IofCallDriverSpecifyReturn+0x41
> > > f78d6cdc 8080c85d 84f2bf04 84f2be70 809c93b3 nt!PopPresentIrp+0x59
> > > f78d6d00 809c93b3 85e17030 85e177a8 84e9f27c nt!PoCallDriver+0x19b
> > > f78d6d20 809c9479 808ac45c 84eb3a88 00000001
>nt!PopNotifyDevice+0x1ac
> > > f78d6d3c 809c977a 84e9f208 84e9f27c 00000001
>nt!PopSleepDeviceList+0xb5
> > > f78d6d64 809c5df3 00000000 85fa23f0 808b50a0
> > > nt!PopSetDevicesSystemState+0x1cc
> > > f78d6d80 80831e13 00000000 00000000 85fa23f0
> >nt!PopGracefulShutdown+0x178
> > > f78d6dac 808fc3a4 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb
> > > f78d6ddc 80832195 80831d46 00000000 00000000
> >nt!PspSystemThreadStartup+0x2e
> > > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> > >
> > >
> > > FOLLOWUP_IP:
> > > nt!ExFreePool+f
> > > 8089a2f0 5d pop ebp
> > >
> > > SYMBOL_STACK_INDEX: 7
> > >
> > > FOLLOWUP_NAME: Pool_corruption
> > >
> > > SYMBOL_NAME: nt!ExFreePool+f
> > >
> > > MODULE_NAME: Pool_Corruption
> > >
> > > IMAGE_NAME: Pool_Corruption
> > >
> > > DEBUG_FLR_IMAGE_TIMESTAMP: 0
> > >
> > > STACK_COMMAND: kb
> > >
> > > FAILURE_BUCKET_ID: 0x4E_nt!ExFreePool+f
> > >
> > > BUCKET_ID: 0x4E_nt!ExFreePool+f
> > >
> > > Followup: Pool_corruption
> > > ---------
> > >
> > > 2: kd> dd 85850000 ///Parameter passed to ExFreePool
> > > 85850000 ffffffff ffffffff ffffffff ffffffff
> > > 85850010 ffffffff ffffffff ffffffff ffffffff
> > > 85850020 ffffffff ffffffff ffffffff ffffffff
> > > 85850030 ffffffff ffffffff ffffffff ffffffff
> > > 85850040 ffffffff ffffffff ffffffff ffffffff
> > > 85850050 ffffffff ffffffff ffffffff ffffffff
> > > 85850060 ffffffff ffffffff ffffffff ffffffff
> > > 85850070 ffffffff ffffffff ffffffff ffffffff
> > >
> > > ============End crash==================
> > >
> > > Following parameters of the bugcheck 0x4e are no where available.
> > > Arg1: 0000009a,
> > > Arg2: 00005850
> > > Arg3: 00000006
> > > Arg4: 00000002
> > >
> > > Can anybody tell me what these parameters are? It is not working on
>the
> >W2k3
> > > SP1 while on w2k3 it works. What is the difference between
>ExFreePool in
> > > normal W2k3 and in W2k3 SP1.
> > >
> > > Thanx in advance,
> > >
> > >
> > >
> > > Find love today with ninemsn personals. Click here:
> > > http://ninemsn.match.com?referrer=hotmailtagline
> > >
> > >
> > > —
> > > Questions? First check the Kernel Driver FAQ at
> >http://www.osronline.com/article.cfm?id=256
> > >
> > > You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >—
> >Questions? First check the Kernel Driver FAQ at
> >http://www.osronline.com/article.cfm?id=256
> >
> >You are currently subscribed to ntdev as: xxxxx@hotmail.com
> >To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

>$60,000 prize pool to be won. Three winners. Apply now!
>http://www.healthe.com.au/competition.do
>
>
>—
>Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>—
>Questions? First check the Kernel Driver FAQ at
>http://www.osronline.com/article.cfm?id=256
>
>You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
>To unsubscribe send a blank email to xxxxx@lists.osr.com

_________________________________________________________________
$60,000 prize pool to be won. Three winners. Apply now!
http://www.healthe.com.au/competition.do